Password managers are a great tool that help agencies manage the many passwords staff use during their day to access online information. Password managers allow you to create complex passwords and store them, so you don’t have to write them down to remember them.
You access the stored passwords using a “master password.”
And that is a vulnerability. If you don’t choose a unique password, a hacker could access the keys to your kingdom.
Last Pass, one of the popular password management programs, announced last Friday they had begun investigating “unusual activity” two weeks prior. They worked with a cyber security and forensics firm. A company spokesman said, “we have no evidence that this incident involved any access to customer data or encrypted password vaults.” That is the good news.
It appears that hackers did gain access to a development platform and certain company source code and other proprietary information.
To emphasize the point, it does not appear at this point that any customer passwords were breached.
And, if you are a Last Pass customer, it’s probably a good idea to go ahead and change your master password, just to be safe.
In the email, I have included links to additional information:
- Wall Street Journal article (Free to read)
- LastPass Security Incident Notice